In Exchange Server 2013 and 2010 end users are able to manage their own ActiveSync mobile devices via the Exchange Control Panel. This allows them to perform tasks such as remote wiping a mobile device that is associated with their mailbox.

exchange-disable-activesync-end-user-01

For some organizations this is not desirable and they need to disable this functionality for their end users.

You can disable ActiveSync management for end users by using OWA Mailbox Policies.

A default OWA Mailbox Policy is set up for Exchange organizations but it is not applied to mailboxes automatically. For example, here we can see my organization’s default policy, and that the user Vik Kirby has no policy assigned.

[PS] C:>Get-OwaMailboxPolicy |  select name

Name
----
Default

[PS] C:>Get-CASMailbox vik.kirby | select OWAMailboxPolicy

OwaMailboxPolicy
----------------

The first thing I need to do is disable the ActiveSync features in the OWA Mailbox Policy (or create a new policy if you don’t want to mess with the default one). Then, assign the OWA Mailbox Policy to the user.

[PS] C:>Set-OwaMailboxPolicy "Default" -ActiveSyncIntegrationEnabled:$false

[PS] C:>Set-CASMailbox vik.kirby -OwaMailboxPolicy "Default"

The next time the user logs in to OWA the policy should take effect and block those features.

exchange-disable-activesync-end-user-02

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Hassnain

    Hi Paul ,

    This will totally disable ActiveSync for end users.
    What is we only need to disable management of mobile devices by the end users.

    Thanks
    Hassnain Ali

  2. Chuck

    Hi Paul,
    Does this apply to Office 365 as well?
    Thanks

Leave a Reply